Fedora Core 5 Security Notes



Date: 31.01.2017
SSH

  • sudo cat /var/log/secure

    • Failed password for root from 219.148.111.202 port 51043 ssh2

    • Failed password for invalid user test from 219.148.111.202 port 52038 ssh2

  • /etc/ssh/sshd_config

    • #Port 22

    • PermitRootLogin no

    • X11Forwarding yes

  • yum install blockhosts

  • /etc/hosts.allow

    • # permanent whitelist addresses - these should always be allowed access

    • ALL: 127.0.0.1 : allow

    • ALL: 192.168.0. : allow



    • # permanent blacklist addresses - these should always be denied access

    • ALL: 10. : deny

    • ALL: 192. : deny

    • ALL: 172. : deny



    • the blockhosts script



    • #---- BlockHosts Additions

    • #bh: ip: 219.148.111.202 : 4 : 2006-10-31-09-07
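
The kind of check that blockhosts automates, as an added Python example that is not part of the original notes and is not the blockhosts script itself: it counts failed SSH password attempts per source address in /var/log/secure-style lines and emits deny entries in the hosts.allow format shown above, skipping whitelisted addresses. The sample log, the threshold of 4 and the function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the format of the /var/log/secure lines quoted above.
# Timestamps, host name, PIDs and the 192.168.0.15 / 203.0.113.7 entries are made up.
SAMPLE_LOG = """\
Oct 31 09:05:11 fc5 sshd[2101]: Failed password for root from 219.148.111.202 port 51043 ssh2
Oct 31 09:05:14 fc5 sshd[2103]: Failed password for invalid user test from 219.148.111.202 port 52038 ssh2
Oct 31 09:05:17 fc5 sshd[2105]: Failed password for invalid user admin from 219.148.111.202 port 52311 ssh2
Oct 31 09:05:20 fc5 sshd[2107]: Failed password for root from 219.148.111.202 port 52640 ssh2
Oct 31 09:06:02 fc5 sshd[2110]: Failed password for alice from 192.168.0.15 port 40022 ssh2
Oct 31 09:06:05 fc5 sshd[2110]: Failed password for alice from 192.168.0.15 port 40022 ssh2
Oct 31 09:06:09 fc5 sshd[2110]: Failed password for alice from 192.168.0.15 port 40022 ssh2
Oct 31 09:06:12 fc5 sshd[2112]: Failed password for alice from 192.168.0.15 port 40031 ssh2
Oct 31 09:07:30 fc5 sshd[2120]: Failed password for invalid user guest from 203.0.113.7 port 33012 ssh2
Oct 31 09:08:00 fc5 sshd[2125]: Accepted password for alice from 192.168.0.15 port 40040 ssh2
"""

WHITELIST = ["127.0.0.1", "192.168.0."]  # same patterns as the hosts.allow whitelist
THRESHOLD = 4                            # assumed cut-off, not a blockhosts default

# The user name is chosen by the remote client, so the pattern is anchored to the
# end of the line: only the trailing "from <ip> port <n> ssh2" written by sshd counts.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def is_whitelisted(ip, patterns=WHITELIST):
    # A pattern ending in "." is a prefix match, otherwise an exact match.
    return any(ip.startswith(p) if p.endswith(".") else ip == p for p in patterns)

def count_failures(log_text):
    # Tally failed password attempts per source address.
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            hits[m.group(1)] += 1
    return hits

def deny_lines(log_text, threshold=THRESHOLD):
    # hosts.allow entries for non-whitelisted addresses at or above the threshold.
    counts = count_failures(log_text)
    return [f"ALL: {ip} : deny" for ip, n in sorted(counts.items())
            if n >= threshold and not is_whitelisted(ip)]

if __name__ == "__main__":
    print("\n".join(deny_lines(SAMPLE_LOG)))
```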

Tripwire:


Advanced Intrusion Detection Environment (AIDE)



  • yum no luck due to extras servers down

  • rpmfind yes but not available

  • found source at http://sourceforge.net/projects/aide

  • ./configure resulted in errors I could not simply solve so I tried yum again

  • Found aide.i386 0:0.11-1 via yum

    • not much documentation: man aide, man aide.conf & /usr/share/doc/aide-0.11/manual.html

    • /etc/aide.conf

    • /usr/sbin/aide

      • aide --init, -i
        /usr/sbin/aide -i

      • aide or aide --check, -c
        /usr/sbin/aide
        Couldn't open file /var/lib/aide/aide.db.gz for reading

        mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz


        checked again and got: ### All files match AIDE database. Looks okay!



      • aide --update, -u (used after changes, to update the database)

      • if using this host IDS I suggest reading and understanding the docs and aide.conf

